]]>Privileged user security; FTC holding companies to a mysterious security standard; Information overload; business users bypass IT and go straight to the cloud. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email http://www.trustedcs.Privileged user security; FTC holding companies to a mysterious security standard; Information overload; business users bypass IT and go straight to the cloud.Jerry Bell and Andrew Kalatclean1:02:551176Defensive Security Podcast Episode 69https://defensivesecurity.org/defensive-security-podcast-episode-69/
Fri, 30 May 2014 00:58:36 +0000https://defensivesecurity.org/?p=1172https://defensivesecurity.org/defensive-security-podcast-episode-69/#respondhttps://defensivesecurity.org/defensive-security-podcast-episode-69/feed/0Advice from Bob on the importance of an accurate inventory; TrueCrypt meets an unfortunate end; Weak passwords are responsible for the initial intrusion in 31% of breaches; 71% of exploits used Java; 59% of malicious email used an attachment, 41% used a link; NTT’s Global Threat Intelligence Report finds that most incidents are the result … <a href="https://defensivesecurity.org/defensive-security-podcast-episode-69/" class="more-link">Continue reading <span class="screen-reader-text">Defensive Security Podcast Episode 69</span> <span class="meta-nav">→</span></a>Advice from Bob on the importance of an accurate inventory; TrueCrypt meets an unfortunate end; Weak passwords are responsible for the initial intrusion in 31% of breaches; 71% of exploits used Java; 59% of malicious email used an attachment, 41% used a link; NTT’s Global Threat Intelligence Report finds that most incidents are the result of failing to take basic precautions; DHS reports about a public utility compromised by a brute force attack; There is an apparent discrepancy between the severity of the breaches detailed in the recent DOJ indictment of alleged Chinese hackers and the way that the breached companies categorize was was stolen, and whether that loss needed to be reported to share holders.

]]>Advice from Bob on the importance of an accurate inventory; TrueCrypt meets an unfortunate end; Weak passwords are responsible for the initial intrusion in 31% of breaches; 71% of exploits used Java; 59% of malicious email used an attachment,Advice from Bob on the importance of an accurate inventory; TrueCrypt meets an unfortunate end; Weak passwords are responsible for the initial intrusion in 31% of breaches; 71% of exploits used Java; 59% of malicious email used an attachment, 41% used a link; NTT's Global Threat Intelligence Report finds that most incidents are the result of failing to take basic precautions; DHS reports about a public utility compromised by a brute force attack; There is an apparent discrepancy between the severity of the breaches detailed in the recent DOJ indictment of alleged Chinese hackers and the way that the breached companies categorize was was stolen, and whether that loss needed to be reported to share holders.Jerry Bell and Andrew Kalatclean55:291172Defensive Security Podcast Episode 68https://defensivesecurity.org/defensive-security-podcast-episode-68/
Wed, 21 May 2014 02:03:50 +0000https://defensivesecurity.org/?p=1167https://defensivesecurity.org/defensive-security-podcast-episode-68/#respondhttps://defensivesecurity.org/defensive-security-podcast-episode-68/feed/0Advice from Bob; How China’s army hacked America; Emory University has an SCCM meltdown; Bored executives pull infosec funding; How to avoid a big data security breach; US industry not taking industrial security seriously; Employees stealing data on their way out the door. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email http://arstechnica.com/tech-policy/2014/05/how-chinas-army-hacked-american-companies/ http://www.infosecnews.org/emory-university-windows-network-wiped-out-blame-emps-cyberwar-squirrels-try-accidental-reformat/ http://www.theregister.co.uk/2014/05/15/aisa_finding_infosec_bores_board_execs/ http://www.computerworld.com.au/article/545450/how_avoid_big_data_security_breachhttp://www.reuters.com/article/2014/05/16/us-cyber-summit-infrastructure-idUSBREA4F0OK20140516 http://www.itpro.co.uk/data-loss-prevention/22273/employees-steal-data-to-make-good-impression-in-a-new-jobAdvice from Bob; How China’s army hacked America; Emory University has an SCCM meltdown; Bored executives pull infosec funding; How to avoid a big data security breach; US industry not taking industrial security seriously; Employees stealing data on their way out the door.

]]>Advice from Bob; How China’s army hacked America; Emory University has an SCCM meltdown; Bored executives pull infosec funding; How to avoid a big data security breach; US industry not taking industrial security seriously; Employees stealing data on th...Advice from Bob; How China's army hacked America; Emory University has an SCCM meltdown; Bored executives pull infosec funding; How to avoid a big data security breach; US industry not taking industrial security seriously; Employees stealing data on their way out the door.Jerry Bell and Andrew Kalatclean58:421167Defensive Security Podcast Episode 67https://defensivesecurity.org/defensive-security-podcast-episode-67/
Wed, 14 May 2014 03:00:09 +0000https://defensivesecurity.org/?p=1162https://defensivesecurity.org/defensive-security-podcast-episode-67/#respondhttps://defensivesecurity.org/defensive-security-podcast-episode-67/feed/0Doctor finds out the hard way that Google likes to index stuff; What’s old is new again – the current focus on improving detection is not new; Microsoft’s Security Incident Response Report and the malware explosion; Security vs. compliance. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email http://www.computerworld.com/s/article/9248205/IT_malpractice_Doc_operates_on_server_costs_hospitals_4.8M http://www.brookings.edu/~/media/research/files/papers/2014/05/07%20strategy%20not%20speed%20digital%20defenders%20early%20cybersecurity%20thinkers%20bejtlich/voices%20from%20the%20cyber%20past%20final http://www.zdnet.com/microsoft-report-downloaded-malware-exploded-in-late-2013-7000029131/#ftag=RSS4d2198eDoctor finds out the hard way that Google likes to index stuff; What’s old is new again – the current focus on improving detection is not new; Microsoft’s Security Incident Response Report and the malware explosion; Security vs. compliance.

]]>Doctor finds out the hard way that Google likes to index stuff; What’s old is new again – the current focus on improving detection is not new; Microsoft’s Security Incident Response Report and the malware explosion; Security vs. compliance.Doctor finds out the hard way that Google likes to index stuff; What's old is new again - the current focus on improving detection is not new; Microsoft's Security Incident Response Report and the malware explosion; Security vs. compliance.Jerry Bell and Andrew Kalatclean43:371162Defensive Security Podcast Episode 66https://defensivesecurity.org/defensive-security-podcast-episode-66/
Wed, 07 May 2014 01:01:52 +0000https://defensivesecurity.org/?p=1157https://defensivesecurity.org/defensive-security-podcast-episode-66/#respondhttps://defensivesecurity.org/defensive-security-podcast-episode-66/feed/0Advice from Bob; We have entered the post AV world; Target reboots it’s CEO; Microsoft backs down and patches IE 0day for XP; How to communicate to users in situations like the IE 0day; Results from a survey of executives on data protection; Australian real estate company has bank account hacked, advice is to stop … <a href="https://defensivesecurity.org/defensive-security-podcast-episode-66/" class="more-link">Continue reading <span class="screen-reader-text">Defensive Security Podcast Episode 66</span> <span class="meta-nav">→</span></a>Advice from Bob; We have entered the post AV world; Target reboots it’s CEO; Microsoft backs down and patches IE 0day for XP; How to communicate to users in situations like the IE 0day; Results from a survey of executives on data protection; Australian real estate company has bank account hacked, advice is to stop using Internet email and Facebook on business computers; A report on Non-advanced Persistent Threats

]]>Advice from Bob; The problems with qualitative risk assessments; Defending like an attacker; Secunia’s vulnerability review; Watching for data breaches by looking for anomalies; The NSA targets sysadmins, expect criminals to follow suit; Insurers are ...Advice from Bob; The problems with qualitative risk assessments; Defending like an attacker; Secunia's vulnerability review; Watching for data breaches by looking for anomalies; The NSA targets sysadmins, expect criminals to follow suit; Insurers are finding energy firms controls are not up to snuff; 4 lessons CIOs can learn from the Target breach; A court approved a damages settlement for victims of a data breach who did not suffer any damages; Trustwave, Target's QSA, gets sued as a result of the breach.Jerry Bell and Andrew Kalatclean48:371126Defensive Security Podcast Episode 59https://defensivesecurity.org/defensive-security-podcast-episode-59/
Tue, 18 Mar 2014 00:53:04 +0000https://defensivesecurity.org/?p=1121https://defensivesecurity.org/defensive-security-podcast-episode-59/#respondhttps://defensivesecurity.org/defensive-security-podcast-episode-59/feed/0Advice for the criminals from Bob; Pwn2Own results are in; Target ignored it’s FireEye alerts; Integrating threat intelligence into your operations; The problem with threat intelligence; Advanced endpoint protection advice; Workers are apathetic about lost mobile devices and company data; Lessons to learn from the hack of some Navy servers; How the Syrian Electronic Army … <a href="https://defensivesecurity.org/defensive-security-podcast-episode-59/" class="more-link">Continue reading <span class="screen-reader-text">Defensive Security Podcast Episode 59</span> <span class="meta-nav">→</span></a>Advice for the criminals from Bob; Pwn2Own results are in; Target ignored it’s FireEye alerts; Integrating threat intelligence into your operations; The problem with threat intelligence; Advanced endpoint protection advice; Workers are apathetic about lost mobile devices and company data; Lessons to learn from the hack of some Navy servers; How the Syrian Electronic Army compromised Forbes; a discussion about what to do when you see criminal activity.

]]>Some security advice from Bob; Target’s CIO resigns, should the QSA bear some responsibility? Rogue ads overtake porn as top source for mobile malware; Five things to know about malware before driving it out; Why you need to segment your network; Secur...Some security advice from Bob; Target's CIO resigns, should the QSA bear some responsibility? Rogue ads overtake porn as top source for mobile malware; Five things to know about malware before driving it out; Why you need to segment your network; SecurePay in denial about breach; Sally Beauty apparently breached.Jerry Bell and Andrew Kalatclean54:591113Defensive Security Podcast Episode 57https://defensivesecurity.org/defensive-security-podcast-episode-57/
Tue, 04 Mar 2014 01:30:48 +0000https://defensivesecurity.org/?p=1107https://defensivesecurity.org/defensive-security-podcast-episode-57/#respondhttps://defensivesecurity.org/defensive-security-podcast-episode-57/feed/0Security recommendations from Bob; Meetup.com rides out a DDOS attack rather than pay a ransom; How to test the security savvy of your employees; Why companies need to think about this insider threat; 6 lessons learned from advanced attacks; How IT can establish better cloud control; Council on Cyber Security releases version 5 of critical … <a href="https://defensivesecurity.org/defensive-security-podcast-episode-57/" class="more-link">Continue reading <span class="screen-reader-text">Defensive Security Podcast Episode 57</span> <span class="meta-nav">→</span></a>Security recommendations from Bob; Meetup.com rides out a DDOS attack rather than pay a ransom; How to test the security savvy of your employees; Why companies need to think about this insider threat; 6 lessons learned from advanced attacks; How IT can establish better cloud control; Council on Cyber Security releases version 5 of critical security controls.

]]>Bob’s wisdom for the week; Learning from the Target breach; Question: given the massive Target breach, the Neiman Marcus breach and rumors of 6 other significant retailers being breached, assuming Target and others were complying with PCI rules,Bob's wisdom for the week; Learning from the Target breach; Question: given the massive Target breach, the Neiman Marcus breach and rumors of 6 other significant retailers being breached, assuming Target and others were complying with PCI rules, what will be the PCI council's response? AWS & GoDaddy hosting malware.Jerry Bell and Andrew Kalatclean51:281079Defensive Security Podcast Episode 50https://defensivesecurity.org/defensive-security-podcast-episode-50/
Tue, 14 Jan 2014 02:46:33 +0000https://defensivesecurity.org/?p=1072https://defensivesecurity.org/defensive-security-podcast-episode-50/#respondhttps://defensivesecurity.org/defensive-security-podcast-episode-50/feed/0Advice from Bob; the Threat of Powerlocker, a new variant of ransomware; Senior managers are bad at security; More details emerge about the Target breach; and Jerry’s rant about the PTV situation. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email http://www.informationweek.com/security/attacks-and-breaches/beware-powerlocker-ransomware/d/d-id/1113344 http://www.csoonline.com/article/745703/senior-managers-fumble-security-much-more-often-than-rank-and-file http://www.csoonline.com/article/745806/rising-impact-of-target-breach-indicates-deeper-hack-into-systems?page=1 http://www.reuters.com/article/2014/01/12/us-target-databreach-retailers-idUSBREA0B01720140112 https://www.maliciouslink.com/a-different-perspective-on-the-ptv-website-vulnerability-debacle/Advice from Bob; the Threat of Powerlocker, a new variant of ransomware; Senior managers are bad at security; More details emerge about the Target breach; and Jerry’s rant about the PTV situation.

]]>Advice from Bob; the Threat of Powerlocker, a new variant of ransomware; Senior managers are bad at security; More details emerge about the Target breach; and Jerry’s rant about the PTV situation. Subscribe in iTunes | Podcast RSS Feed | Twitter | Emai...Advice from Bob; the Threat of Powerlocker, a new variant of ransomware; Senior managers are bad at security; More details emerge about the Target breach; and Jerry's rant about the PTV situation.Jerry Bell and Andrew Kalatclean44:081072Defensive Security Podcast Episode 49https://defensivesecurity.org/defensive-security-podcast-episode-49/
Tue, 07 Jan 2014 02:25:35 +0000https://defensivesecurity.org/?p=1056https://defensivesecurity.org/defensive-security-podcast-episode-49/#respondhttps://defensivesecurity.org/defensive-security-podcast-episode-49/feed/0More wisdom from Bob; Yahoo’s ad network delivers the magnitude exploit kit; OpenSSL site defaced by way of the hypervisor; How a 4 year long HIPAA breach highlights the need for activity monitoring; Credit Union files lawsuit against Target, seems to lack some facts; US CERT issues advisory on POS malware; 7 dodgy tips for protecting your … <a href="https://defensivesecurity.org/defensive-security-podcast-episode-49/" class="more-link">Continue reading <span class="screen-reader-text">Defensive Security Podcast Episode 49</span> <span class="meta-nav">→</span></a>More wisdom from Bob; Yahoo’s ad network delivers the magnitude exploit kit; OpenSSL site defaced by way of the hypervisor; How a 4 year long HIPAA breach highlights the need for activity monitoring; Credit Union files lawsuit against Target, seems to lack some facts; US CERT issues advisory on POS malware; 7 dodgy tips for protecting your organization from data breaches and why this security stuff is hard; A political rant on the state of security.

]]>More security thoughts from Bob; A paper on thwarting targeted email attacks from Japan; Security recommendations for SMB’s from Sophos; An update on Badbios; How to handle our parent’s infected home computers over the holidays.More security thoughts from Bob; A paper on thwarting targeted email attacks from Japan; Security recommendations for SMB's from Sophos; An update on Badbios; How to handle our parent's infected home computers over the holidays.Jerry Bell and Andrew Kalatclean42:521011Defensive Security Podcast Episode 45https://defensivesecurity.org/defensive-security-podcast-episode-45/
Tue, 03 Dec 2013 02:11:49 +0000https://defensivesecurity.org/?p=1007https://defensivesecurity.org/defensive-security-podcast-episode-45/#respondhttps://defensivesecurity.org/defensive-security-podcast-episode-45/feed/099% of Indian programmers lack secure coding skills; Gartner’s 5 styles of defending against advanced threats; Malware: the war without end; a discussion on the value of penetration testing. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email http://m.infoworld.com/d/security/malware-war-without-end-231654 http://www.networkworld.com/news/2013/103013-gartner-defense-attacks-275438.html99% of Indian programmers lack secure coding skills; Gartner’s 5 styles of defending against advanced threats; Malware: the war without end; a discussion on the value of penetration testing.

]]>99% of Indian programmers lack secure coding skills; Gartner’s 5 styles of defending against advanced threats; Malware: the war without end; a discussion on the value of penetration testing. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email http...99% of Indian programmers lack secure coding skills; Gartner's 5 styles of defending against advanced threats; Malware: the war without end; a discussion on the value of penetration testing.Jerry Bell and Andrew Kalatclean1:03:061007Defensive Security Podcast Episode 44https://defensivesecurity.org/defensive-security-podcast-episode-44/
Mon, 25 Nov 2013 02:17:59 +0000https://defensivesecurity.org/?p=1003https://defensivesecurity.org/defensive-security-podcast-episode-44/#respondhttps://defensivesecurity.org/defensive-security-podcast-episode-44/feed/0Another tip from Bob; Anonymous blamed for stealing US Department of Health and Human Services Data; Cupid Media loses 42M unencrypted passwords in a breach they apparently did not disclose; Looking at a Ponemon study about views of IT security staff; Botnet take downs might be more marketing than helpful; New malware uses I2P for … <a href="https://defensivesecurity.org/defensive-security-podcast-episode-44/" class="more-link">Continue reading <span class="screen-reader-text">Defensive Security Podcast Episode 44</span> <span class="meta-nav">→</span></a>Another tip from Bob; Anonymous blamed for stealing US Department of Health and Human Services Data; Cupid Media loses 42M unencrypted passwords in a breach they apparently did not disclose; Looking at a Ponemon study about views of IT security staff; Botnet take downs might be more marketing than helpful; New malware uses I2P for C&C; A longer than expected discussion on Stuxnet.

]]>Another tip from Bob; Anonymous blamed for stealing US Department of Health and Human Services Data; Cupid Media loses 42M unencrypted passwords in a breach they apparently did not disclose; Looking at a Ponemon study about views of IT security staff; ...Another tip from Bob; Anonymous blamed for stealing US Department of Health and Human Services Data; Cupid Media loses 42M unencrypted passwords in a breach they apparently did not disclose; Looking at a Ponemon study about views of IT security staff; Botnet take downs might be more marketing than helpful; New malware uses I2P for C&C; A longer than expected discussion on Stuxnet.Jerry Bell and Andrew Kalatclean1:08:561003Defensive Security Podcast Episode 43https://defensivesecurity.org/defensive-security-podcast-episode-43/
Tue, 19 Nov 2013 02:08:59 +0000https://defensivesecurity.org/?p=999https://defensivesecurity.org/defensive-security-podcast-episode-43/#respondhttps://defensivesecurity.org/defensive-security-podcast-episode-43/feed/0More advice from Bob; PCI 3 is here; Stats from a survey of malware analysts; A report from EastWest on measuring the Cyber Security Problem; The benefits of a GRC program; and we talk about web defacements. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email PCI 3: http://www.bankinfosecurity.com/critiquing-new-version-pci-dss-a-6208 Study of malware analysts, highlighting that it’s apparently common to … <a href="https://defensivesecurity.org/defensive-security-podcast-episode-43/" class="more-link">Continue reading <span class="screen-reader-text">Defensive Security Podcast Episode 43</span> <span class="meta-nav">→</span></a>More advice from Bob; PCI 3 is here; Stats from a survey of malware analysts; A report from EastWest on measuring the Cyber Security Problem; The benefits of a GRC program; and we talk about web defacements.

]]>More advice from Bob; PCI 3 is here; Stats from a survey of malware analysts; A report from EastWest on measuring the Cyber Security Problem; The benefits of a GRC program; and we talk about web defacements.More advice from Bob; PCI 3 is here; Stats from a survey of malware analysts; A report from EastWest on measuring the Cyber Security Problem; The benefits of a GRC program; and we talk about web defacements.Jerry Bell and Andrew Kalatclean50:54999Defensive Security Podcast Episode 42https://defensivesecurity.org/defensive-security-podcast-episode-42/
Tue, 12 Nov 2013 01:48:45 +0000https://defensivesecurity.org/?p=994https://defensivesecurity.org/defensive-security-podcast-episode-42/#respondhttps://defensivesecurity.org/defensive-security-podcast-episode-42/feed/0Bob drops some more advice on malware; More details emerge about the Adobe password breach and it isn’t pretty; Long live the security perimeter; Snowden highlights the importance of not sharing passwords, and the downside to when it happens; A new 0day impacting Internet Explorer is making the rounds; And part 2 of our talk … <a href="https://defensivesecurity.org/defensive-security-podcast-episode-42/" class="more-link">Continue reading <span class="screen-reader-text">Defensive Security Podcast Episode 42</span> <span class="meta-nav">→</span></a>Bob drops some more advice on malware; More details emerge about the Adobe password breach and it isn’t pretty; Long live the security perimeter; Snowden highlights the importance of not sharing passwords, and the downside to when it happens; A new 0day impacting Internet Explorer is making the rounds; And part 2 of our talk on advanced malware.

]]>Bob drops some more advice on malware; More details emerge about the Adobe password breach and it isn’t pretty; Long live the security perimeter; Snowden highlights the importance of not sharing passwords, and the downside to when it happens; A new 0da...Bob drops some more advice on malware; More details emerge about the Adobe password breach and it isn't pretty; Long live the security perimeter; Snowden highlights the importance of not sharing passwords, and the downside to when it happens; A new 0day impacting Internet Explorer is making the rounds; And part 2 of our talk on advanced malware.Jerry Bell and Andrew Kalatclean59:49994Defensive Security Podcast Episode 41https://defensivesecurity.org/defensive-security-podcast-episode-41/
Tue, 05 Nov 2013 02:19:06 +0000https://defensivesecurity.org/?p=988https://defensivesecurity.org/defensive-security-podcast-episode-41/#respondhttps://defensivesecurity.org/defensive-security-podcast-episode-41/feed/0New trojan looking for SAP installations, possibly a harbinger of things to come; Turns out Adobe used symmetric encryption to store the 130M passwords that were stolen; A dicey list of suggestions on how not to be the guy that gets your company owned; The results of the 2013 social engineering capture the flag are … <a href="https://defensivesecurity.org/defensive-security-podcast-episode-41/" class="more-link">Continue reading <span class="screen-reader-text">Defensive Security Podcast Episode 41</span> <span class="meta-nav">→</span></a>New trojan looking for SAP installations, possibly a harbinger of things to come; Turns out Adobe used symmetric encryption to store the 130M passwords that were stolen; A dicey list of suggestions on how not to be the guy that gets your company owned; The results of the 2013 social engineering capture the flag are not pretty; Some security researchers completely compromise a government agency with a fake Facebook profile of an attractive lady; and all sorts of craziness about #badbios.

]]>New trojan looking for SAP installations, possibly a harbinger of things to come; Turns out Adobe used symmetric encryption to store the 130M passwords that were stolen; A dicey list of suggestions on how not to be the guy that gets your company owned;...New trojan looking for SAP installations, possibly a harbinger of things to come; Turns out Adobe used symmetric encryption to store the 130M passwords that were stolen; A dicey list of suggestions on how not to be the guy that gets your company owned; The results of the 2013 social engineering capture the flag are not pretty; Some security researchers completely compromise a government agency with a fake Facebook profile of an attractive lady; and all sorts of craziness about #badbios.Jerry Bell and Andrew Kalatclean1:04:08988Defensive Security Podcast Episode 40https://defensivesecurity.org/defensive-security-podcast-episode-40/
Tue, 29 Oct 2013 01:31:25 +0000https://defensivesecurity.org/?p=983https://defensivesecurity.org/defensive-security-podcast-episode-40/#respondhttps://defensivesecurity.org/defensive-security-podcast-episode-40/feed/0Federal employees circumventing onerous security controls resulting in breaches; Cryptolocker is scary stuff; PHP.net hacked, and the response; DDOS attacks getting much larger, but lasting less time; Our discussion on advanced malware. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email http://www.networkworld.com/news/2013/101713-federal-security-breaches-traced-to-274944.html http://www.securelist.com/en/blog/208214109/Cryptolocker_Wants_Your_Money http://bartblaze.blogspot.com/2013/10/phpnet-compromised.html http://arstechnica.com/security/2013/10/hackers-compromise-official-php-website-infect-visitors-with-malware/ http://www.pcworld.com/article/2056188/brace-for-stronger-ddos-attacks-security-firm-warns.htmlFederal employees circumventing onerous security controls resulting in breaches; Cryptolocker is scary stuff; PHP.net hacked, and the response; DDOS attacks getting much larger, but lasting less time; Our discussion on advanced malware.

Hidden Lynx – how to protect against it: http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/hidden_lynx.pdf

]]>How to change your SSN; How Snowden was able to access and steal the documents; Liberty Mutual sues Schucks grocery store over cyber breach insurance policy; Barclays and Santander banks hit with physical IT attacks; password security Subscribe in iT...How to change your SSN; How Snowden was able to access and steal the documents; Liberty Mutual sues Schucks grocery store over cyber breach insurance policy; Barclays and Santander banks hit with physical IT attacks; password securityJerry Bell and Andrew Kalatclean1:03:37926Defensive Security Podcast Episode 35https://defensivesecurity.org/defensive-security-podcast-episode-35/
Mon, 16 Sep 2013 01:19:59 +0000https://defensivesecurity.org/?p=922https://defensivesecurity.org/defensive-security-podcast-episode-35/#respondhttps://defensivesecurity.org/defensive-security-podcast-episode-35/feed/0Paying attention to security is important – regulators are swirling: HTC and TrendNet have to submit to independent security audits every other year for 20 years, 50 other companies need to as well; encrypting your endpoints is not optional – just do it; and a winding discussion on man in the middle attacks. Subscribe in iTunes | Podcast … <a href="https://defensivesecurity.org/defensive-security-podcast-episode-35/" class="more-link">Continue reading <span class="screen-reader-text">Defensive Security Podcast Episode 35</span> <span class="meta-nav">→</span></a>Paying attention to security is important – regulators are swirling: HTC and TrendNet have to submit to independent security audits every other year for 20 years, 50 other companies need to as well; encrypting your endpoints is not optional – just do it; and a winding discussion on man in the middle attacks.

]]>Paying attention to security is important – regulators are swirling: HTC and TrendNet have to submit to independent security audits every other year for 20 years, 50 other companies need to as well; encrypting your endpoints is not optional – just do i...Paying attention to security is important - regulators are swirling: HTC and TrendNet have to submit to independent security audits every other year for 20 years, 50 other companies need to as well; encrypting your endpoints is not optional - just do it; and a winding discussion on man in the middle attacks.Jerry Bell and Andrew Kalatclean50:12922Defensive Security Podcast Episode 34https://defensivesecurity.org/defensive-security-podcast-episode-34/
Tue, 10 Sep 2013 02:56:47 +0000https://defensivesecurity.org/?p=919https://defensivesecurity.org/defensive-security-podcast-episode-34/#respondhttps://defensivesecurity.org/defensive-security-podcast-episode-34/feed/0On preventing Snowden-style data leaks in your organization; should companies really worry about NSA spying?; On the usefulness of Red Team exercises; and how to defend against DDOS attacks. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email http://investigations.nbcnews.com/_news/2013/08/26/20197183-how-snowden-did-it?lite http://akamai.infoworld.com/t/data-security/how-secure-your-company-against-nsa-inspired-hacking-226264 http://www.darkreading.com/vulnerability/getting-the-most-out-of-a-security-red-t/240160471On preventing Snowden-style data leaks in your organization; should companies really worry about NSA spying?; On the usefulness of Red Team exercises; and how to defend against DDOS attacks.

]]>Mcafee apologizes for a USD$1T report; how the Snowden effect is impacting CIO’s; millions robbed from banks by attacking the wire transfer network, and hiding behind a DoS; Gartner’s recommendations for engaging the board of directors and other manage...Mcafee apologizes for a USD$1T report; how the Snowden effect is impacting CIO's; millions robbed from banks by attacking the wire transfer network, and hiding behind a DoS; Gartner's recommendations for engaging the board of directors and other management in the security process.Jerry Bell and Andrew Kalatclean39:07906Defensive Security Podcast Episode 31https://defensivesecurity.org/defensive-security-podcast-episode-31/
Mon, 19 Aug 2013 00:39:47 +0000https://defensivesecurity.org/?p=898https://defensivesecurity.org/defensive-security-podcast-episode-31/#respondhttps://defensivesecurity.org/defensive-security-podcast-episode-31/feed/0Windows XP vulnerabilities may be stored up until after end of support on April 8, 2014; Department of Energy hacked for a second time in 2013; using metasploit and exploitDB to prioritize vulnerability patching; and a number of discussions on Lavabit. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email Windows XP vulnerabilities may be stored up: http://www.infoworld.com/d/microsoft-windows/xps-retirement-will-be-hacker-heaven-224796?page=0,1 Department of … <a href="https://defensivesecurity.org/defensive-security-podcast-episode-31/" class="more-link">Continue reading <span class="screen-reader-text">Defensive Security Podcast Episode 31</span> <span class="meta-nav">→</span></a>Windows XP vulnerabilities may be stored up until after end of support on April 8, 2014; Department of Energy hacked for a second time in 2013; using metasploit and exploitDB to prioritize vulnerability patching; and a number of discussions on Lavabit.

Here is the link to the Society for Information Risk Analysts I mentioned: https://www.societyinforisk.org/ – the mailing list is here: http://lists.societyinforisk.org/mailman/listinfo/sira

]]>Windows XP vulnerabilities may be stored up until after end of support on April 8, 2014; Department of Energy hacked for a second time in 2013; using metasploit and exploitDB to prioritize vulnerability patching; and a number of discussions on Lavabit....Windows XP vulnerabilities may be stored up until after end of support on April 8, 2014; Department of Energy hacked for a second time in 2013; using metasploit and exploitDB to prioritize vulnerability patching; and a number of discussions on Lavabit.Jerry Bell and Andrew Kalatclean44:38898Defensive Security Podcast Episode 30https://defensivesecurity.org/defensive-security-podcast-episode-30/
Mon, 12 Aug 2013 01:11:29 +0000https://defensivesecurity.org/?p=892https://defensivesecurity.org/defensive-security-podcast-episode-30/#respondhttps://defensivesecurity.org/defensive-security-podcast-episode-30/feed/0Escrow service company forced to close after $1.5M theft resulting from malware, Incentives for complying with cyber framework, Benefits of expanding the cyber insurance market, Thousands of .nl domains redirected to black hole exploit kit Subscribe in iTunes | Podcast RSS Feed | Twitter | Email Escrow service company forced to close after $1.5M theft resulting from malware: http://krebsonsecurity.com/2013/08/1-5-million-cyberheist-ruins-escrow-firm/ Incentives for complying with cyber … <a href="https://defensivesecurity.org/defensive-security-podcast-episode-30/" class="more-link">Continue reading <span class="screen-reader-text">Defensive Security Podcast Episode 30</span> <span class="meta-nav">→</span></a>Escrow service company forced to close after $1.5M theft resulting from malware, Incentives for complying with cyber framework, Benefits of expanding the cyber insurance market, Thousands of .nl domains redirected to black hole exploit kit

]]>Escrow service company forced to close after $1.5M theft resulting from malware, Incentives for complying with cyber framework, Benefits of expanding the cyber insurance market, Thousands of .nl domains redirected to black hole exploit kit Subscribe in...Escrow service company forced to close after $1.5M theft resulting from malware, Incentives for complying with cyber framework, Benefits of expanding the cyber insurance market, Thousands of .nl domains redirected to black hole exploit kitJerry Bell and Andrew Kalatclean41:48892Defensive Security Podcast Episode 29https://defensivesecurity.org/defensive-security-podcast-episode-29/
Sun, 04 Aug 2013 17:45:03 +0000https://defensivesecurity.org/?p=886https://defensivesecurity.org/defensive-security-podcast-episode-29/#respondhttps://defensivesecurity.org/defensive-security-podcast-episode-29/feed/0Cyber Security, cybersecurity or cyber-security? On the need to be wary of USB devices despite having autorun disabled, the hacking of OVH highlights the need to take specific precautions with administrators, large UK companies urged to perform a cyber security review, and the misuse of the term “black swan”. Subscribe in iTunes | Podcast RSS Feed | Twitter | Email Cyber … <a href="https://defensivesecurity.org/defensive-security-podcast-episode-29/" class="more-link">Continue reading <span class="screen-reader-text">Defensive Security Podcast Episode 29</span> <span class="meta-nav">→</span></a>Cyber Security, cybersecurity or cyber-security? On the need to be wary of USB devices despite having autorun disabled, the hacking of OVH highlights the need to take specific precautions with administrators, large UK companies urged to perform a cyber security review, and the misuse of the term “black swan”.

]]>Cyber Security, cybersecurity or cyber-security? On the need to be wary of USB devices despite having autorun disabled, the hacking of OVH highlights the need to take specific precautions with administrators,Cyber Security, cybersecurity or cyber-security? On the need to be wary of USB devices despite having autorun disabled, the hacking of OVH highlights the need to take specific precautions with administrators, large UK companies urged to perform a cyber security review, and the misuse of the term "black swan".Jerry Bell and Andrew Kalatclean26:45886Defensive Security Podcast Episode 28https://defensivesecurity.org/defensive-security-podcast-episode-28/
Sun, 28 Jul 2013 03:36:24 +0000https://defensivesecurity.org/?p=880https://defensivesecurity.org/defensive-security-podcast-episode-28/#respondhttps://defensivesecurity.org/defensive-security-podcast-episode-28/feed/0Perception of risk as an art vs science, Estimating the economic impact of cybercrime and espionage, The futility of analyzing malware and the need to get better at detecting its activity, An attempt to link bad metrics to data loss trends, Insurance is getting cyber security savvy, Application whitelisting, Don’t forget about risks from security … <a href="https://defensivesecurity.org/defensive-security-podcast-episode-28/" class="more-link">Continue reading <span class="screen-reader-text">Defensive Security Podcast Episode 28</span> <span class="meta-nav">→</span></a>Perception of risk as an art vs science, Estimating the economic impact of cybercrime and espionage, The futility of analyzing malware and the need to get better at detecting its activity, An attempt to link bad metrics to data loss trends, Insurance is getting cyber security savvy, Application whitelisting, Don’t forget about risks from security devices, Verizon releases the VERIS community database.

]]>Perception of risk as an art vs science, Estimating the economic impact of cybercrime and espionage, The futility of analyzing malware and the need to get better at detecting its activity, An attempt to link bad metrics to data loss trends,Perception of risk as an art vs science, Estimating the economic impact of cybercrime and espionage, The futility of analyzing malware and the need to get better at detecting its activity, An attempt to link bad metrics to data loss trends, Insurance is getting cyber security savvy, Application whitelisting, Don't forget about risks from security devices, Verizon releases the VERIS community databaseJerry Bell and Andrew Kalatclean35:50880Defensive Security Podcast Episode 27https://defensivesecurity.org/defensive-security-podcast-episode-27/
Sun, 21 Jul 2013 19:59:44 +0000https://defensivesecurity.org/?p=875https://defensivesecurity.org/defensive-security-podcast-episode-27/#respondhttps://defensivesecurity.org/defensive-security-podcast-episode-27/feed/0Ten year old Java bug, old and vulnerable versions of Java dominate on corporate desktops, a guide on critical infrastructure security, what is wrong with applying standard security approaches to industrial control environments, Lloyds survey finds cyber security is the number 3 concern of business leaders, watering hole attacks are replacing spear phishing as the … <a href="https://defensivesecurity.org/defensive-security-podcast-episode-27/" class="more-link">Continue reading <span class="screen-reader-text">Defensive Security Podcast Episode 27</span> <span class="meta-nav">→</span></a>Ten year old Java bug, old and vulnerable versions of Java dominate on corporate desktops, a guide on critical infrastructure security, what is wrong with applying standard security approaches to industrial control environments, Lloyds survey finds cyber security is the number 3 concern of business leaders, watering hole attacks are replacing spear phishing as the attack method of choice, the crazy high value of health information dossiers and a cyber exercise performed by some large US banks.

]]>Snowden offered asylum, Germany’s interior minister cautions Germans against using US-based services, California AG urges legislation to require the use of encryption, 85% of virus infections are from drive by download, Attacks on energy sector,Snowden offered asylum, Germany's interior minister cautions Germans against using US-based services, California AG urges legislation to require the use of encryption, 85% of virus infections are from drive by download, Attacks on energy sector, Texas government infections, MS TuesdayJerry Bell and Andrew Kalatclean19:53861Defensive Security Podcast Episode 24https://defensivesecurity.org/defensive-security-podcast-episode-24/
Mon, 01 Jul 2013 01:49:59 +0000https://defensivesecurity.org/?p=835https://defensivesecurity.org/defensive-security-podcast-episode-24/#respondhttps://defensivesecurity.org/defensive-security-podcast-episode-24/feed/0Kaspersky study indicates 200,000 malware variants are released daily, the Carberp trojan’s source code is leaked and an 0day is discovered, FINRA reports on prolific cyber attacks against its members, the FT is attacked by the Syrian Electronic Army and gives a play by play on what happened, Kaspersky reports an 87% increase in phishing … <a href="https://defensivesecurity.org/defensive-security-podcast-episode-24/" class="more-link">Continue reading <span class="screen-reader-text">Defensive Security Podcast Episode 24</span> <span class="meta-nav">→</span></a>Kaspersky study indicates 200,000 malware variants are released daily, the Carberp trojan’s source code is leaked and an 0day is discovered, FINRA reports on prolific cyber attacks against its members, the FT is attacked by the Syrian Electronic Army and gives a play by play on what happened, Kaspersky reports an 87% increase in phishing attacks, Google reports that compromised legitimate sites are more dangerous than malicious sites, Sophos says 30,000 SMB sites are hacked per day to spread malware, the age old debate about administrator rights, password complexity, and the unintended consequences of leaks: foreign companies defect to more hospitable countries, renewed focus on systems administrators, and we can stop pretending to not know where Stuxnet came from.

]]>Kaspersky study indicates 200,000 malware variants are released daily, the Carberp trojan’s source code is leaked and an 0day is discovered, FINRA reports on prolific cyber attacks against its members, the FT is attacked by the Syrian Electronic Army a...Kaspersky study indicates 200,000 malware variants are released daily, the Carberp trojan's source code is leaked and an 0day is discovered, FINRA reports on prolific cyber attacks against its members, the FT is attacked by the Syrian Electronic Army and gives a play by play on what happened, Kaspersky reports an 87% increase in phishing attacks, Google reports that compromised legitimate sites are more dangerous than malicious sites, Sophos says 30,000 SMB sites are hacked per day to spread malware, the age old debate about administrator rights, password complexity, and the unintended consequences of leaks: foreign companies defect to more hospitable countries, renewed focus on systems administrators, and we can stop pretending to not know where Stuxnet came from.Jerry Bell and Andrew Kalatclean50:19835